<?php
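session_start();

// Login handler: checks the posted account name, password and role against
// the `person` and `PeopleRoles` tables, then redirects either back to the
// page stored in $_SESSION["previouspage"] or to ../login.php with an error.

// Log errors instead of printing them. With display_errors on, a failing
// query or include on this endpoint would send file paths and SQL text to
// the browser.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// Connect to the DB.
$_SESSION["errmsg"] = '';
require_once '../include/config.lib.php';
require_once '../include/database.lib.php';

ConnectToDB();

// Read the form fields defensively: a missing or non-string field (for
// example an array posted as accountNo[]) is treated as empty.
$accountNo   = (isset($_POST["accountNo"]) && is_string($_POST["accountNo"])) ? $_POST["accountNo"] : '';
$rawPassword = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : '';
$role_p      = (isset($_POST['roles']) && is_string($_POST['roles'])) ? $_POST['roles'] : '';

// The queries below are assembled by string concatenation, so request data
// must never reach them unchecked. Only values made of a conservative
// character set are let through; anything else is handled as a failed login.
// Widen the patterns only if legitimate account or role names need it.
// NOTE(review): database.lib.php is not visible from this file. If it offers
// prepared statements / bound parameters, use those for both queries and
// treat this allow-list as a second line of defence.
$inputOk = $rawPassword !== ''
	&& preg_match('/\A[A-Za-z0-9_.@-]{1,64}\z/', $accountNo) === 1
	&& preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $role_p) === 1;

$authentication = null;
$roleAuth = null;

if ($inputOk) {
	// The stored credential is an upper-cased, unsalted SHA-1 hex digest. That
	// format is kept so existing rows still match, but it is not suitable for
	// password storage; plan a migration to password_hash()/password_verify().
	$password = strtoupper(sha1($rawPassword));
	$authenticationReq = DBExecute("SELECT username, ID FROM person WHERE username = '".$accountNo."' AND password = '".$password."'");
	$authentication = $authenticationReq->fetchAssocRow();

	if (isset($authentication["ID"])) {
		// The ID comes from the database; the int cast keeps the unquoted
		// numeric comparison strictly numeric.
		$roleAuthReq = DBExecute("SELECT role as prole FROM PeopleRoles WHERE personId = ".(int) $authentication["ID"]." AND role = '".$role_p."'");
		$roleAuth = $roleAuthReq->fetchAssocRow();
	}
}

// Inconsistent row: a user name came back without an ID. Stop here so the
// diagnostic message is not overwritten and only one redirect is emitted.
if (!isset($authentication["ID"]) && isset($authentication["USERNAME"])) {
	unset($_SESSION["accountNo"], $_SESSION['role']);
	$_SESSION["errmsg"] = "username yes, id no??!!";
	echo "<HTML><META http-equiv=\"refresh\" content=\"0; url=../login.php\"></HTML>";//redirect to the login page
	exit;
}

// Page to return to after a successful login; empty when none was recorded.
// NOTE(review): where previouspage is stored, confirm it is restricted to
// same-site paths so this redirect cannot leave the application.
$url = (isset($_SESSION["previouspage"]) && is_string($_SESSION["previouspage"])) ? $_SESSION["previouspage"] : '';

if (isset($authentication["USERNAME"]) && isset($roleAuth['PROLE'])) {
	// User name, password and role all matched. Issue a fresh session id so a
	// pre-login session id cannot be carried into the authenticated session.
	session_regenerate_id(true);
	$_SESSION["accountNo"] = $authentication["USERNAME"];
	$_SESSION['role'] = $roleAuth['PROLE'];
	// Escape the stored URL for the HTML attribute it is written into.
	echo "<HTML><META http-equiv=\"refresh\" content=\"0; url='".htmlspecialchars($url, ENT_QUOTES, 'UTF-8')."'\"></HTML>";//redirect to the previous page
} else {
	// Any failure (user name, password or role) leaves the session
	// unauthenticated; a correct password with a role the account does not
	// hold must not leave accountNo set.
	unset($_SESSION["accountNo"], $_SESSION['role']);
	// The message no longer echoes the posted role: it is request data that
	// would be shown by another page whose output escaping is not visible here.
	$_SESSION["errmsg"] = "Wrong user name or password or role.";
	echo "<HTML><META http-equiv=\"refresh\" content=\"0; url=../login.php\"></HTML>";//redirect to the login page
}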

?>